0ae65a6b5c9977ad6748592296e07ce7

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2019-Apr-27 20:56:12
Comments
CompanyName
FileDescription TokenBuster
FileVersion 1.0.0.0
InternalName TokenBuster.exe
LegalCopyright Copyright © 2019
LegalTrademarks
OriginalFilename TokenBuster.exe
ProductName TokenBuster
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
Malicious VirusTotal score: 36/68 (Scanned on 2021-05-02 05:40:19)
MicroWorld-eScan: Trojan.GenericKD.43202029
ALYac: Trojan.GenericKD.43202029
Malwarebytes: Malware.AI.4210327017
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Trojan:Win32/CryptInject.447026bb
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.b5c997
Cyren: W32/Trojan.ACOI-0556
Symantec: Trojan.Gen.MBT
APEX: Malicious
Paloalto: generic.ml
BitDefender: Trojan.GenericKD.43202029
Ad-Aware: Trojan.GenericKD.43202029
Sophos: ML/PE-A
MaxSecure: Trojan.Malware.74501972.susgen
FireEye: Generic.mg.0ae65a6b5c9977ad
Emsisoft: Trojan.GenericKD.43202029 (B)
SentinelOne: Static AI - Malicious PE
GData: Trojan.GenericKD.43202029
Webroot: W32.Trojan.Gen
Gridinsoft: Trojan.Win32.Agent.dg
Arcabit: Trojan.Generic.D29335ED
AegisLab: Trojan.Win32.Malicious.4!c
Microsoft: VirTool:MSIL/CryptInject
Cynet: Malicious (score: 100)
McAfee: Artemis!0AE65A6B5C99
Cylance: Unsafe
TrendMicro-HouseCall: TROJ_GEN.R002H09K520
Rising: Trojan.Zpevdo!8.F912 (CLOUD)
Ikarus: Virus.MSIL.CryptInject
eGambit: Unsafe.AI_Score_98%
BitDefenderTheta: Gen:NN.ZemsilF.34686.Vo0@aWy0dDm
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_90% (W)

Hashes

MD5 0ae65a6b5c9977ad6748592296e07ce7
SHA1 dc9300421669951b5dde0dda71764625321b41e1
SHA256 1acf240cb3b4348fe16606f3a9bc9df027cb9b6cd614da9f8c6f39277e586076
SHA3 29c43e63e8c86d0a32e0ae4b205284216cf99ae9e4275f0f7aad530bf92f924a
SSDeep 49152:P4eFvPZhjxQbKPEUloUdjc3wI59Vi3P7AKQQwrrNiJkAqhxBBaP7XbyvDM8X86:DFnfKKsUqIKZi/8K7KQkAqhxBgP7Xba
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2019-Apr-27 20:56:12
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32
LinkerVersion 11.0
SizeOfCode 0x292000
SizeOfInitializedData 0x2ca00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00293DFE (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x294000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x2c4000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 677645bf4ec16fd348a1f2692b165535
SHA1 92346414741d30441185504b534c88012ca758e1
SHA256 81a5def567b84a91a67268e0a44f829d7a243b64aefce3d39044209ee14bf616
SHA3 b199d3b985e4bcbbd71082ae2bbfdbe947c15a413315e65a940bb238db46f22d
VirtualSize 0x291e04
VirtualAddress 0x2000
SizeOfRawData 0x292000
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.9997

.rsrc

MD5 95335cf8ce0b3d7fce8942c1c333b5f7
SHA1 04287ac31395ce810f11a1e715f214ee4e02a1c2
SHA256 ebafc44151c60b8c348e847655022f6faf19c97d9f34fd971058ef4c7ea28f17
SHA3 a94eb5b018fb9994afd21055c1ee3bffd7b7cf2e0f813a3ee20941265b3debff
VirtualSize 0x2c7c8
VirtualAddress 0x294000
SizeOfRawData 0x2c800
PointerToRawData 0x292200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.6126

.reloc

MD5 fa27cdce4dca9fe28ffd39b5cdf2e2bf
SHA1 ec4bffc1e4b91d36c8ec62e04e9936bdb4c7e6d7
SHA256 fe8a64fdfb61bfe4ac39c484979bf286785ced11bdc26aab5688b72f7f26fae5
SHA3 5b9a94a23f7909373d4b05c45edff702d9d2157d5bc666011297358c1cc83d6d
VirtualSize 0xc
VirtualAddress 0x2c2000
SizeOfRawData 0x200
PointerToRawData 0x2bea00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0815394

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x47bb
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.96774
Detected Filetype PNG graphic file
MD5 34e4c28a91e12fea9fb2ffc0ca5a609d
SHA1 fac1ca68e8c18d305fee81ebe010ca13e0abb372
SHA256 7e57c97aaf6499cb85503b2e41ee106e5793595f07560daba9dfd80c67fe12ac
SHA3 addc63a76c9965c4524daadb0ae82b86bfbfe82224144697227e612c20739d01

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.13533
MD5 952b160c03c0fc9c92cd486d1ed173c5
SHA1 d2c51910c994d43d8d7825f111c4be0249c86fd8
SHA256 3e720dadad55dc3b5a5eb5e6a402864e03793d20afa9a8291270f5e4d21e7bd7
SHA3 567e8f3d4ad753e9154da1f589a7546684069874ebcc64c9e860bb506d1caad6

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x94a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.89947
MD5 eacbc663fa0f0c9999af3504a91e0345
SHA1 0340cba3e1f01a4a2c5980f2c65dfec2f51431e5
SHA256 96c7a4015d3360f09f4acaa772c266f0e0b1550678c49e7f40e63e7771690619
SHA3 302d2223c3c9a82ee7f9379bdac21baa2f9368ee366b8cf786091924eca8508e

4

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x5488
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.93578
MD5 26e855a850005afd5804fc19434fccea
SHA1 8d84f5c6f376c81339d198568030672d23e0379c
SHA256 ca2f42b27804843ecf730f491d263b60f0ff9bc07e83cfada011c7733f5ee5f5
SHA3 c854f2394180ecdf18307dcf022a369805914c455c1ecdf2f1eb63ebbefc0f53

5

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.61621
MD5 9158d10b76b312e39584905ff5121b63
SHA1 a0f91dff7f16a7e0af80b25ac38bd6910e42dcc4
SHA256 b489e934c7acc5dcffc22c0fa312ba4c853ff22b207f9d088fa761affdee693d
SHA3 0f0aa103dcdfbc6b1a75d5d018bdffe258726f9e4ee0b023ce177e8e9b877ce1

6

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.45403
MD5 978284b52929af960d01fa2a4a8ffd12
SHA1 2e8fbfd316df51991b9bfc59b0a69eb27d905bed
SHA256 061eda6cd1d5b8aae29ed8a1527967f253050d95260f82e3a2cfbd41fbab7e68
SHA3 8bd9638f77412136a165988d825e9d4f42f2ea61f24b3a2b8e885448142760b3

7

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.67508
MD5 8f90ecfead995be6e5b17d0a7d521edf
SHA1 d13bb23838c7f2c0afd67e19d1ecbf8719f4d587
SHA256 854c92ceefdbdde9bd51afceef1a64e524d5b5edeee7f8ec77b815506b58b7b0
SHA3 74fe027d7d3a6b0e6a9e90cfb666b9b840ccf78fb0c01a817ca98dc5d1015853

8

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.37166
MD5 c275819a647e809231bc94eefb39d0ae
SHA1 3d4e075fd4f0c0e0819f4e06361ab1f892fd4fea
SHA256 7d80bf510962316554d121a1ed5d26e497fb9840bffa597c38346d142f94f0bf
SHA3 915e034888deb35fbcee75c5e701c24964f8598759657fc82796a0eb0e3e5244

9

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.6884
MD5 3a07670a34ffee2b221a2c48d1a1add0
SHA1 767b60a88a38997b2bd1bbb2f46f116b0403b909
SHA256 b1fcddd80d92cf3e6bd027f8ba7d4325c74fdeb54de6d623db038f8e862a34ec
SHA3 c89236ef17e8b8b03b3c9dd7169b551eb9f6ef14aa676c9bf666efc5457a48db

32512

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x84
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.03466
Detected Filetype Icon file
MD5 6e836cbaccf721b4abda85cca4b32b24
SHA1 e4eae7038d72c4fc854f1e0229139fe9223b7c4e
SHA256 1f90791ae3b31ca40429810622c1c35744dd664cbd228112aaad7e7b60baac1e
SHA3 9690c6022666a0a7f73170f98b9dcb5777e86826ac84a3c3adceba0582364ae6

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x32c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.28414
MD5 c23c2657a3024d30cee9c05af62589a6
SHA1 6e1005cae1c3456968c52a384cc6d9da4544ac8c
SHA256 c81ff9e2445ac6c70045e576cb5cee01eadca260d84bd73613d939bcf4c7a723
SHA3 72277ae7ebe04c5a2ba1b6d73a52ba1fefcb4729a7ffa1e960bb880a3f5233bf

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x1ea
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.00112
MD5 b7db84991f23a680df8e95af8946f9c9
SHA1 cac699787884fb993ced8d7dc47b7c522c7bc734
SHA256 539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
SHA3 4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments
CompanyName
FileDescription TokenBuster
FileVersion (#2) 1.0.0.0
InternalName TokenBuster.exe
LegalCopyright Copyright © 2019
LegalTrademarks
OriginalFilename TokenBuster.exe
ProductName TokenBuster
ProductVersion (#2) 1.0.0.0
Assembly Version 1.0.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors
